Solved

SBS 2011 - Exchange 2010 - Delayed incoming email

Posted on 2013-12-11
14
788 Views
Last Modified: 2014-02-11
Hey Guys

I've got a strange thing happening with some incoming emails from certain domains.
A user will send an email out at say 9.08am.
The email is received by the recipient within a minute or so.
The recipient emails back their reply 20min later say 9.27am.
But the doesn't receive the reply until 5.04pm that day.
This is happening in OWA as well as Outlook.

I have checked the connection logs for that time and I can't see any errors.

One thing I noticed in the receive logs is quite a few errors about "4.3.2 Service not available". Though those errors don't really occur at the same time as I'd expect the reply to come in.

Here is a screenshot of the log for one of the days that the issue occurred (however I think that looks like an issue with their printer):
receive connector log
Are there any other logs you would suggest looking at?
Do you think it's more likely the recipients exchange server?

Kind Regards
Aaron
0
Comment
Question by:moncomp
  • 9
  • 4
14 Comments
 
LVL 6

Expert Comment

by:donnk
ID: 39713331
show the full email header for the one where you say the email hits your server at 9:27 but the server doesnt deliver it until 5:04
0
 

Author Comment

by:moncomp
ID: 39713370
Here is the email header info:

Received: from webhosting.x.x.x (x.x.x.x) by myexchangeserver.com
 (192.168.45.10) with Microsoft SMTP Server (TLS) id 14.1.438.0; Mon, 9 Dec
 2013 17:04:06 +0800
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=sendingserver.com;
      h=Received:From:To:References:In-Reply-To:Subject:Date:Message-ID:MIME-Version:Content-Type:X-Mailer:Thread-Index:Content-Language:X-Source:X-Source-Args:X-Source-Dir;
      b=DHkmUqJqbh+bvV3zJkrw+uxqBYIeK3o9QaKRk1DbjDw9GpO75eWJvjUyNFJioQtsCGGfQqYJswecU4AVmx3SCzl2IXg+CHQ2SXyTyP/ciJ7Eeb53/HQQh/6t2qZ7Eqeo;
Received: from [x.x.x.x] (helo=userPC)      by webhosting.x.x.x with esmtpa
 (Exim 4.69)      (envelope-from <sender@sendersdomain.com>)      id
 1VpqYQ-0004Pd-Qn      for user@myexchangeserver.com; Mon, 09 Dec 2013 09:26:38
 +0700
From: Sender <sender@sendersdomaincom>
To: 'User' <user@myexchangeservercom>
References: <46B795CAF3E4BA49BF741C6B56B43391DFD01F@SERVER.local>
In-Reply-To: <46B795CAF3E4BA49BF741C6B56B43391DFD01F@SERVER.local>
Subject: RE: SENDERS SUBJECT
Date: Mon, 9 Dec 2013 09:26:38 +0700
Message-ID: <000901cef486$16f47e80$44dd7b80$@sendersdomain.com>
MIME-Version: 1.0
Content-Type: multipart/related;
      boundary="----=_NextPart_000_000A_01CEF4C0.C355C780"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQFi1XZufTGydSp2DdoKCVd2eZByYZsjYMZg
Content-Language: en-us
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - webhosting.x.x.x
X-AntiAbuse: Original Domain - myexchangeserver.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - sendersdomain.com
X-Source:
X-Source-Args:
X-Source-Dir:
Return-Path: sender@sendersdomain.com
X-MS-Exchange-Organization-AuthSource: SERVER.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-EsetId: 56DCDF3D23A3BB2505918E
0
 
LVL 6

Expert Comment

by:donnk
ID: 39713384
ok so this his your mail server at  Mon, 09 Dec 2013 09:26:38, now show the tracking log from exchange toolbox for this email.

Also I see the header is being interfered with:

X-AntiAbuse      This header was added to track abuse, please include it with any abuse report

What is doing this ? Is your exchange box the MX record server or are you pulling email from another server ?
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 

Author Comment

by:moncomp
ID: 39713389
is this what you are after?
tracking log
0
 
LVL 6

Expert Comment

by:donnk
ID: 39713395
X-AntiAbuse  this looks to be the  issue. Where is it being applied ?
0
 

Author Comment

by:moncomp
ID: 39713405
Good question. That I'm not sure of. How do I track that down? Is that definitely going to be my end, not the recipients end?

Anti-Spam is disabled on the SBS 2011 Exchange server.
Could that be applied by the firewall?
0
 

Author Comment

by:moncomp
ID: 39713407
The server is set as the MX server, it's not using POP3 connector if that's what you meant.
0
 
LVL 6

Expert Comment

by:donnk
ID: 39713416
normally cpanel boxes add it, are these delayed mails always from the same people ?
0
 

Author Comment

by:moncomp
ID: 39713432
I think the user has only complained about two domains only.

I went back over the email history for the sender linked to the above logs.
There only seems to be X-AntiAbuse information attached to email when the email has is being replied to by the sender.

Here is the host that's doing it by the looks from the logs: X-AntiAbuse: Primary Hostname - webhosting.u.net.id

I think that's the senders domain. Maybe their email is housed in cpanel?
0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 39713435
okay the delay is from webhosting.x.x.x to you. I am going to assume that webhosting.x.x.x is the ISP or smart host being used by the sender, and it is getting bogged down with sending the mail.

to read headers a great tool is http://mxtoolbox.com/EmailHeaders.aspx

Simply paste the headers and it will give you a report that makes more sense.

Cheers
Andrew
0
 

Author Comment

by:moncomp
ID: 39713439
I'll send a query about this this to the IT admin department that manages the host and see what they think.

Many thanks for your help Andrew :)
0
 

Author Comment

by:moncomp
ID: 39713441
hey one thing I notice when I run the read header tool is the total delay is really long.
Total Delay:       23848 seconds
The delay is only showing on my exchange server side.

Do you think I should be concerned about that at all?
0
 

Accepted Solution

by:
moncomp earned 0 total points
ID: 39841061
Hey donnk

Found the issue with Fortigate support.
We updated the firmware to the latest version as their version was quite old.
But then we found someone had configured bandwidth management on all SMTP traffic. We removed and issue has not returned! :)
0
 

Author Closing Comment

by:moncomp
ID: 39849699
found a firewall configuration issue that resolved the problem.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Finding original email is quite difficult due to their duplicates. From this article, you will come to know why multiple duplicates of same emails appear and how to delete duplicate emails from Outlook securely and instantly while vital emails remai…
In this step by step procedure, you will come to know the details of creating an Outlook meeting in 2007, 2010, 2013 & 2016.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question